"valid object" preconditions

Dan Bonachea reporter

changed milestone to 2018.09.30 release
changed version to Development branch (master)
marked as minor
changed component to RMA
changed title to "valid object" preconditions
assigned issue to

Amir Kamil

We now have preconditions of the form:

rput: "dest must reference a valid object of type T."
rget: "src must reference a valid object of type T."

The phrase "valid object" is an improvement over "valid memory", but I suspect it's still the wrong phrase for us to be using. In particular, we should not be requiring anything about the "before" contents of RMA destination memory (which in many important cases is uninitialized storage). Further, now that we've removed serialization from RMA and specified they only byte-copy, all that we actually require is that the pointers themselves are "valid", as in non-null and referencing live storage that is correctly aligned to hold an object of type T. RMA doesn't care at all about the "validity" of the object representation stored in that memory (source or dest).

The "valid object" phrase only appears twice in the entire C++17 spec, once when specifying that references may not be bound to null pointers, and the second in a random (somewhat informal) note. It only appears once in the C11 spec, when referring to trap representations.

Can we come up with a better way to state this aspect of the preconditions on memory regions to RMA, VIS and data movement collectives? (I'm more comfortable leaving it on atomics and computational collectives where we actually do computation on the contents of the objects).

Pull request #11 is tangentially relevant.

The "solution" here may just be to refer to some "common requirements" section in the C++ library spec that also applies to functions in our library. Eg C11 7.1.4 has this text, that applies to all library functions in the C spec unless otherwise noted:

If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid.

The C++ [res.on.arguments] section has similar text we could reference.

2018-03-21T12:29:31+00:00

Comments (7)

Dan Bonachea reporter
This also applies to rput_then_rpc, which currently lacks this precondition entirely
- 2017-06-20T08:55:01+00:00
Former user Account Deleted
- assigned issue to
- 2017-06-22T16:08:05+00:00
Former user Account Deleted
Here's what I'm going to spec about address validity:
- For rput/rget of a single value: "references a valid object of type T".
- For rput/rget of multiple values: "addresses in intervals [src,src+n) and [dst,dst+n) must reference valid objects of type T". In the case of n=0 this permits src,dst to be anything
- For rput_then_rpc: "addresses in [src,src+n) and [dst,dst+n) reference valid T objects, and either dst or dst-1 must point to a valid T object"
- 2017-06-22T16:22:25+00:00
Former user Account Deleted
- changed status to resolved
- 2017-06-22T16:58:22+00:00
Dan Bonachea reporter
- changed milestone to 2018.09.30 release
- changed version to Development branch (master)
- marked as minor
- changed component to RMA
- changed title to "valid object" preconditions
- assigned issue to
  
  Amir Kamil
We now have preconditions of the form:

rput: "dest must reference a valid object of type T."
rget: "src must reference a valid object of type T."

The phrase "valid object" is an improvement over "valid memory", but I suspect it's still the wrong phrase for us to be using. In particular, we should not be requiring anything about the "before" contents of RMA destination memory (which in many important cases is uninitialized storage). Further, now that we've removed serialization from RMA and specified they only byte-copy, all that we actually require is that the pointers themselves are "valid", as in non-null and referencing live storage that is correctly aligned to hold an object of type T. RMA doesn't care at all about the "validity" of the object representation stored in that memory (source or dest).

The "valid object" phrase only appears twice in the entire C++17 spec, once when specifying that references may not be bound to null pointers, and the second in a random (somewhat informal) note. It only appears once in the C11 spec, when referring to trap representations.

Can we come up with a better way to state this aspect of the preconditions on memory regions to RMA, VIS and data movement collectives? (I'm more comfortable leaving it on atomics and computational collectives where we actually do computation on the contents of the objects).

Pull request #11 is tangentially relevant.

The "solution" here may just be to refer to some "common requirements" section in the C++ library spec that also applies to functions in our library. Eg C11 7.1.4 has this text, that applies to all library functions in the C spec unless otherwise noted:

If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid.

The C++ [res.on.arguments] section has similar text we could reference.
- 2018-03-21T12:29:31+00:00
Dan Bonachea reporter
- changed status to open
- 2018-03-21T12:29:40+00:00
Amir Kamil
- changed status to resolved
Merged in d57cd44.
- 2018-08-29T23:52:58+00:00
Log in to comment